From f27db66b14e417cbc4b8124842d5525bf3bb8884 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 28 Aug 2020 07:34:08 +0200 Subject: fix possible problems with http proxy --- .../EidasCentralAuthMetadataController.java | 40 ++++++++++------------ 1 file changed, 19 insertions(+), 21 deletions(-) (limited to 'id/server/modules/moa-id-module-AT_eIDAS_connector') diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java index a0c1fa30b..5409e3a4c 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; import java.io.IOException; +import java.net.URL; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -76,29 +77,26 @@ public class EidasCentralAuthMetadataController extends AbstractController { public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //check PublicURL prefix try { - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!authConfig.getPublicURLPrefix().contains(authURL)) { - resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL"); - return; - - } else { - //initialize metadata builder configuration - EidasCentralAuthMetadataConfiguration metadataConfig = - new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); - metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); - - - //build metadata - String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); - - //write response - byte[] content = xmlMetadata.getBytes("UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentLength(content.length); - resp.setContentType(MediaType.XML_UTF_8.toString()); + String authUrlString = HTTPUtils.extractAuthURLFromRequest(req); + String authURL = authConfig.validateIDPURL(new URL(authUrlString)); + Logger.trace("Build eIDAS Metadata for requestUrl: " + authURL); + + //initialize metadata builder configuration + EidasCentralAuthMetadataConfiguration metadataConfig = + new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + + //build metadata + String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); + + //write response + byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); resp.getOutputStream().write(content); - } } catch (Exception e) { Logger.warn("Build federated-authentication PVP metadata FAILED.", e); -- cgit v1.2.3